LDAP search limits (ITS#1434)

Full_Name: Alan D. Lawrence
Version: 2.0.18
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (136.1.1.33)
I've noticed when porting an application from another platform that the controls
that limit search results do not seem to work the way one might expect.
My slapd.conf has entries that look like this in my test case.
timelimit 6000
sizelimit 100000
idletimeout 600
If I do an ldapsearch with the "-z" flag set to 1000 I would expect that I would
get 1000 entries returned even if 30,000 existed. That seems to be the case but
the slapd server seems to search for up to 100,000 matches (or the end of the
database) and then returns the results.
The long return times and the cache growing to a size that could contain the
results to a complete query are a tip-off that this is happening.
As a test I set the sizelimit to 1000 in the slapd.conf and see a much quicker
response and far less memory caching.
The question is, is this a bug or just a difference of interpretation? How would
an application control this? Sometimes (most) it should restrict results to the
first 1000, less often it should do complete searches that could have 100,000
entries maybe even more. I can see that the application I have uses ldapsearch
-z and the Perl interface "ldap_set_option ( $userConn->getLD(),
LDAP_OPT_SIZELIMIT, $MAX_VIEW_MSGS);" but both do not seem to limit anything.
With over 250,000 entries in the directory this gives the impression of a real
performance hit.